Skip to content

Is Telegram safe?

  • by
  • 8 min read

Is Telegram safe to use? You are probably wondering this question. Telegram is one of the most popular messaging apps launched in 2013 by two Russian brothers, Pavel and Nikolai Durov.

Telegram has emerged as one of the most formidable competitors to WhatsApp and other messaging apps, with over 500 million active users worldwide.

Telegram is available for all platforms, including iOS, Android, Windows Phone, macOS, and Linux and is especially popular among journalists, activists, and cryptocurrency enthusiasts.

But how safe is Telegram? What are the encryption methods and privacy options opted by this app, and what are the potential security risks and limitations? In this article, we’ll answer all these questions in detail. So read the article until the end to get a complete picture.

Security features of Telegram

Telegram claims to offer its users two layers of secure encryption: server-client and client-client.

Server-client encryption is used for regular chats stored in the Telegram cloud. This means that Telegram can access and decrypt your messages if they have the encryption key or are compelled by law enforcement. However, the privacy policy of Telegram mentions that Telegram does share or sell your data to any third-party entity and only stores the data on its servers.

The other encryption, client-to-client encryption, is used for secret chats not stored on Telegram’s servers. This means that you and your chat buddy can access and decrypt your messages, and no one else, not even Telegram, can see them.

Apart from being inaccessible to outsiders, secret chats have a few other privacy features, such as:

  • Self-destructing messages: You can set a timer for your messages, after which it disappears from your chat.
  • Screenshot prevention: You can prevent anyone from taking screenshots of the conversations.
  • Forwarding prevention: You can prevent your chat partner from forwarding your messages to other chats.
  • Device-specific chats: When you start a chat on one device, you cannot transfer it to any other device.

Telegram uses the MTProto encryption protocol based on 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie-Hellman key exchange. There are still debates about the extent to which MTProto is able to provide security. Telegram claims that many independent experts have tested the protocol and is now deemed to be secure enough. However, some critics have argued that MTProto is not proven to be secure and still has some design flaws and vulnerabilities.

You can also turn on two-factor authentication (2FA) for a more secure Telegram experience. Just head to Settings > Privacy and Security and then turn on Two-Step Verification.

Also read: How to know a website is safe?

Privacy policy of Telegram explained

In this section, we’ll analyse the privacy policy of Telegram in detail, which will help us further assess the safety of the application.

Regarding data protection, the question of Telegram’s security arises. Telegram’s reputation isn’t entirely unblemished in terms of safety due to its default lack of end-to-end encryption, which exposes messages to potential vulnerabilities.

Telegram’s reputation as a privacy-oriented app is largely a byproduct of strategic marketing rather than intrinsic security. Telegram asserts two core principles guiding its data collection approach:

  • Data isn’t exploited for targeted advertisements.
  • Only essential data for Telegram’s functionality is retained.

Additionally, personal data isn’t disclosed to external third-party data centres. While everyday cloud chats are stored on Telegram’s servers, this data remains encrypted, mitigating risks of exposure or theft.

That being said, Telegram shares your data with various entities, including:

  • Fellow Telegram users (messages, contacts, and usernames)
  • Affiliated Telegram entities (Telegram Group Inc, Telegraph Inc, Telegram FZ-LLC)
  • Law enforcement agencies (based on court orders involving terrorism suspicions)
  • Third-party firms like Google LLC (for text and voice message translations)

What data does Telegram collect?

Telegram compiles and retains a substantial range of user and message data, encompassing:

  • Unencrypted content from standard cloud chats (messages, media, files)
  • Encrypted media from secret chats
  • Phone numbers and contact details from synced devices
  • Location data (with user consent)
  • Web-version cookies
  • Metadata encompassing IP addresses, device IDs, and app usage history

You may ask, in which country does Telegram store its data? The data is stored in Dutch data centres, yet Telegram is uncertain about the data retention duration.

Also read: Is Signal Safe? Should you use it instead of Whatsapp? FAQs

What are the risks and limitations of using Telegram?

While Telegram presents various security features, it’s imperative to grasp the associated vulnerabilities and constraints before embracing this platform. Here are key aspects to consider:

  • Default configuration: Telegram’s default settings don’t encompass end-to-end encryption across all conversations; this security layer is reserved for secret chats. Manual activation of secret chats becomes pivotal for heightened privacy. However, users might remain oblivious to this option or overlook its use.
  • Cloud storage: Telegram’s cloud-based storage of regular chats exposes them to potential cyber threats and legal requisitions. While data sharing or selling isn’t Telegram’s practice, susceptibility to cyberattacks and government influences persists. The 2016 breach incident is an example of when hackers claimed to infiltrate Telegram servers, disclosing Iranian users’ phone numbers and IDs.
  • Metadata traces: Despite opting for secret chats, Telegram still accumulates certain metadata surrounding communications – parties engaged, online timings, app usage frequency, and device specifics. This metadata repository could inadvertently unveil facets of your identity, location, habits, and preferences.
  • User validation dynamics: Telegram differs from counterparts like Signal or WhatsApp, eschewing phone number verification or QR code authentication to verify chat participants. Consequently, trust in your conversation partner’s claimed identity becomes pivotal, with no recourse against impostors or malicious agents.
  • Navigating content moderation: Telegram’s dual identity as a champion of free speech and an enforcer of content moderation principles adds complexity. The platform touts its stance on expunging illicit content like child exploitation imagery or terrorist indoctrination from servers. However, this moderation extends to other content infringing its terms or local laws. Notably, Russia’s 2018 ban on Telegram stemmed from its refusal to provide encryption keys to authorities.

It should be clear from the above information that Telegram isn’t safe for use if you don’t use cyber protection methods. In the next section, we’ll discuss how to make Telegram safe.

Also read: Is 9Anime safe? 

How to stay secure while using Telegram?

Should you opt to utilise Telegram for your communication needs, several measures you can adopt to enhance your safety and privacy during its usage exist.

You can consider the following steps:

Employ Secret Chats

For a more secure and private means of communication, always opt for secret chats over regular ones. Secret chats incorporate end-to-end encryption and other privacy functionalities that shield your messages from potential intruders. To initiate a secret chat, select the profile of your intended conversational partner, then click on the three dots icon and choose Begin Secret Chat.

Utilise Self-Destructing Messages

To ensure your messages leave no traces on your or your chat partner’s device, utilise self-destructing messages.

Employ a Robust Password

To avert unauthorised access to your Telegram account, implement a robust password resistant to guessing or cracking. Additionally, enable two-step verification, necessitating a secondary code dispatched to your email or phone number during logins from novel devices. To establish a password and two-step verification, navigate to Settings > Privacy and Security > Passcode Lock and Two-Step Verification.

Use a VPN

If you wish to obscure your IP address and geographical location from both Telegram and third parties, adopting a Virtual Private Network (VPN) is advisable. A VPN encrypts and reroutes your online traffic through a secure server in another nation. This measure can also aid in bypassing censorship and gaining access to Telegram if it’s inaccessible in your locale. However, exercise caution when selecting a VPN service, as certain providers may not be reliable or may retain logs of your online activities.

Here’s a list of the top 7 VPNs for various platforms.

In conclusion, Telegram is a useful messaging application if used with precaution. If you’re looking for a safe chat application, we’ll advise you to go with Signal or some other app and use Telegram only as a backup.

Also read: Is Restoro safe?


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: [email protected]